
IT Security Awareness Training

Castleforce are partnered with AwareGo and ISECT Ltd to offer organisations different ways to deliver IT Security Awareness messages to their employees.

The lack of user security awareness is the greatest threat to computer systems, but reaching people with security messages can often be difficult.

  • AwareGO provide video sketches of about 5 minutes in length that take a fun learning approach while carrying a clear security message. The AwareGO videos are an excellent way to reach a broad audience.
  • ISECT Ltd provide the NoticeBored security awareness material, an innovative information security awareness content service. The NoticeBored content service delivers a wealth of material each month to your staff, managers and IT professionals, covering a fresh security topic each month.


awareGO IT Security Awareness Campaigns

Security awareness campaigns in information technology are used to encourage users to think about security, recognise risks and learn to respond accordingly.

Lack of user security awareness is the greatest threat to modern computer systems, and the most effective way to mitigate the risk is through regular and varied awareness campaigns.

Most people find security issues dry and uninteresting; that is why conventional methods often fail to reach their goals: employees do what they can to skip this important security measure.

The cost of security awareness related risks varies: from a PC or computer system crashing because of a user mistake, to losses from break-ins or lost data, with consequences such as data recovery costs, loss of income or damage to reputation.

So, how about giving people what they want to watch and what they need to know, in a user-friendly environment?

Powerful reporting helps you demonstrate compliance with laws, standards and policies.

Low cost of ownership and high return on investment make AwareGO the most effective solution for your security awareness needs.



NoticeBored IT Security Awareness

You can use the NoticeBored information security awareness content service to provide high quality, engaging materials and bags of creative energy to kick-start your information security awareness program, and build a genuine, widespread and deep-rooted security culture. The service is designed for:

  • Informing employees about current information security risks, illustrating them through topical news stories about real-world incidents;

  • Providing, explaining and promoting commonsense security policies, standards, procedures and guidelines, incorporating and describing a broad range of good practice security controls;
  • Describing information security roles, activities and obligations, promoting accountability and responsibility, and promoting compliance as something that benefits both the individual and the organisation;
  • Encouraging employees to think and talk about information security;
  • Gaining employees’ active participation in the organisation’s security infrastructure, going beyond simply ‘being aware’ by motivating employees to act more securely;
  • Measuring progress on security awareness - testing knowledge, comparing parts of the business and generating metrics to drive security improvements;
  • Most of all, making information security a subconscious habit - ‘the way we do things here’.

Noticebored are proud to have been acknowledged as a “best practice expert” in security awareness by ENISA, the European Network and Information Security Agency, alongside Gartner no less. The Noticebored Business Case for an Information Security Awareness Program contributed to ENISA’s Users’ Guide: How to Raise Information Security Awareness. The Users’ Guide expands considerably on our white paper with helpful advice to small companies on how to plan and establish security awareness programs.

Information security topic coverage

The complete portfolio of NoticeBored modules covers around 30 different information security topics. Most modules are refreshed/updated and reissued every three years or so with four core topics and the induction module being revised annually. The scope and contents of each module are derived from sources such as ISO/IEC 27001 and 27002, ITIL, COBIT, the Information Security Forum’s Standard of Good Practice, information security coverage in the professional news media and our own professional experience.

Here is the current portfolio of modules:

  • Accountability and responsibility - examines, explains and contrasts these two commonly misunderstood concepts in the context of information security;
  • Authentication and identity management (core module) - everything from choosing strong passwords to phishing, two factor authentication, biometrics, identity theft and access control;
  • Bugs! - errors in program specification, design, coding or configuration by software development professionals and end-users can create security vulnerabilities;
  • Change management - covers information security aspects of IT-related changes including patching, testing, configuration management and implementation of “IT projects”;
  • Compliance - fulfilling obligations under IT/information security-related laws, regulations, standards, policies, procedures and guidelines including issues such as copyright, privacy, ISO/IEC 27000-series, ITIL etc.
  • Computer auditing - understand what makes IT auditors tick, what they do and how to work with them most effectively;
  • Contingency planning - planning for success by preparing to cope with the worst - includes business continuity, resilience and disaster recovery;
  • Database security - securing large collections of valuable data against hackers, corruption, loss etc.;
  • Email security (core module) - risks relating to the receipt and sending of electronic mail including malware, defamation, phishing etc.;
  • General security awareness - our first module described security awareness tools and techniques.  This module subsequently became the induction module intended for new employee orientation;
  • Hacking - tips to counteract hackers, crackers, industrial spies, fraudsters, criminals and other adversaries, being primarily but not exclusively outsiders;
  • Incident management - the process around reacting to, containing, resolving and learning from information security incidents;
  • Information security management - roles, structure and reporting lines for the security management function and its relationships with others;
  • Information security risk management - explains the processes of analyzing and managing risks;
  • Insider threat - covering the security threats represented by employees and others working in a similar capacity;
  • Identity theft - based on the authentication and password modules, this one focuses specifically on identity theft risks and controls;
  • IT governance - controlling and minimizing IT risks forms an integral and vital part of corporate governance;
  • IT-related fraud - phishing, identity theft and other forms of fraud committed using IT systems and networks;
  • Keeping secrets - all about keeping sensitive corporate and personal information confidential;
  • Malware (core module) - viruses, worms, Trojans, key loggers, spyware, rootkits and more;
  • Mobile and home working - information security considerations for road warriors & those working from home;
  • Network security - all manner of information security issues linked with networking in general and the Web and wireless networks in particular;
  • Network & systems management - processes for securely installing, configuring, monitoring and managing IT;
  • Office information security - a range of security topics associated with the average office or workplace;
  • Passwords & biometrics (core module) - presents advice to staff on choosing stronger passwords, coupled with advice to managers and IT on choosing better user authentication mechanisms;
  • Personal data protection and privacy - focuses specifically on protection and privacy issues relating to data about living individuals (Personally Identifiable Information or Personal Data);
  • Physical security - protecting the facilities against unauthorized access, fires, floods, overheating, power disturbance, lightning ...;
  • Secure software development - integrating security with the system lifecycle from specification and design through to testing and configuration;
  • Social engineering (core module) - the only practical way to tackle this threat is through genuine security awareness;
  • Third parties - information security issues resulting from the increasing interconnectedness of modern organizations;
  • Trade secrets - covering a spectrum of activities from competitive intelligence to information warfare.

Noticebored put a lot of effort into researching and staying abreast of the very latest information security advances, threats and controls. When the technologies and approaches mature enough to enter the mainstream, they either update and reissue or prepare brand new modules. In this way, NoticeBored is constantly evolving.

Castleforce IT Security Training


Security-awareness programs have the highest payback compared with almost all other countermeasures.  When the people in your organisation become truly security conscious, they will come up with countermeasures that never occurred to you.

Quote from 'Spies Among Us' by Ira Winkler.


awareGO Security Awareness Campaigns

  • Get your people interested in IT Security.
  • IT Security awareness made simple and easy.

Download the AwareGO Security Awareness Campaign brochure


Compliance Standards

Castleforce can help you meet the GCSx Code of Connection (CoCo)

GCSX No 2 User Education

Castleforce can help you meet PCI DSS

Requirement 12: Maintain a policy that addresses information security for all personnel (Requirement 12.6 calls for a formal security awareness programme)

Castleforce can help you meet ISO 27001

A.8.2 During employment (ISO/IEC 27001:2005 Annex A; control A.8.2.2 covers information security awareness, education and training)



The Business Case for an IT Security Awareness Program

Dr Gary Hinson BSc PhD CISSP CISM CISA MBA has developed the following white paper, which documents the business case for an IT security awareness program and clearly identifies the need for, and justification of, such measures.

Business Case for Information Security Program


Information Security Awareness Briefing Pack for Software Developers

Many organisations seem to believe that IT professionals just know about information security, and expect them to design and implement technical security controls in IT systems. In reality, security is a specialist discipline that is poorly covered by IT courses, so the skills are rare in practice. Add the fact that many spreadsheets and databases are developed on the desktop by entirely untrained users, and the need for assistance is clear.

Noticebored Information Security Awareness Briefing Pack for Software Developers